136739 matches found
Malicious code in apple-app-store-server-library-poc (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6b57befbd248b884d81978566bd3d4a57ef499f1eb8f8f66c00dc02e76588c The package apple-app-store-server-library-poc was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3122 Malicious code in @w3m-frame/session_update (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a327a8e78038064af56af7f6b1aa21b98a0cee0ed571f5fa53d6187a2b8f9cd1 The package @w3m-frame/sessionupdate was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3108 Malicious code in @activation_code/success (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d00bacff8cfa3ae8a22cfb51c4be0ad025ce42bc29929c07a7eaad6be36c702c The package @activationcode/success was found to contain malicious code. Source: ghsa-malware...
Malicious code in @apple-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9abd2d210c4a5df0e95f326e80b2e6618647c03ba4158e1d6ffbd36d9f7b800a The package @apple-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3124 Malicious code in apple-internal-dev-check (npm)
Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...
Malicious code in frank-research-poc-apple (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3081 Malicious code in frank-research-poc-apple (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 216e5eb321826d85c29f23b333d509a469f138b5317a41b818da919bc9bf9c47 The package frank-research-poc-apple was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in @clearpool/table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79bdf65c3193663ec05f4281e94765c2106a6a5ce8bd9860a4cfcbaab419f0c9 The package @clearpool/table was found to contain malicious code. Source: ghsa-malware 34f072d9880102a7b4495043aa1155a43587246ae13f1974b107df2bbe4760...
MAL-2026-3058 Malicious code in @clearpool/table (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79bdf65c3193663ec05f4281e94765c2106a6a5ce8bd9860a4cfcbaab419f0c9 The package @clearpool/table was found to contain malicious code. Source: ghsa-malware 34f072d9880102a7b4495043aa1155a43587246ae13f1974b107df2bbe4760...
MAL-2026-3080 Malicious code in frank-bot-gogle-cloning (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 44bf385867bdd18d9634c115e9e423146f198038e6fdb1d6dca9c95743f3af4b The package frank-bot-gogle-cloning was found to contain malicious code. Source: ossf-package-analysis...
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy
NPM: OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in
NPM: OpenClaw: Hook mapping templates could bypass hook session-key opt-in vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
MAL-2026-3063 Malicious code in @google-pay-trust/finish (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd69ccad4854f078fe0d815a4f14a1b8ef69fd62704fbf4be49710a2c3926b2 The package @google-pay-trust/finish was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3039 Malicious code in process-app-task (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9459ef3208e8a07fbb99a80ce6bc5f0a6b9c6511da51241bac7c034632b7e1 The package process-app-task was found to contain malicious code. Source: ghsa-malware e03db779eee12801bb79b31d14cb5519f499b54a039c4428b125a23c26a652...
MAL-2026-3033 Malicious code in tether-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3a15feaa501454125206345e0e802667759555738db7b1a1ee9ad5dc6b0098a The package tether-base was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-3079 Malicious code in axis-ui-generator (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 898e7e6953d0a1f5efd906c36d9a6c798f0dce58017ac54df6e1b09bd26dd6d1 The package axis-ui-generator was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in axis-abc-portal-menu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 84dbd03fbc7970d1f3fc987743f698a9ea6a0af44ea2b89d0f2c1cbaa397f933 The package axis-abc-portal-menu was found to contain malicious code. Source: ossf-package-analysis...
NPM: simple-git is vulnerable to Remote Code Execution
NPM: simple-git is vulnerable to Remote Code Execution vulnerability discovered by ? in WordPress Npm simple-git versions 3.36.0...
MAL-2026-3024 Malicious code in auth0-ui-components-docs (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e0d97624d1290690782d9c5e369ea2df5642da13ce61f091ea686ff4af38ce1 The package auth0-ui-components-docs was found to contain malicious code. Source: ghsa-malware...